.Aesir file extension virus becomes part of Locky ransomware family
It seems that Locky ransomware's authors name new viruses after Norse gods. The latest ransomware example is dubbed the .Aesir file extension virus. According to Norse mythology, the Æsir are the principal gods of the pantheon: examples include Thor, Odin, Loki (Locky), and Heimdall. The new version targets around 456 different file types, and again uses a combination of AES-1024 and RSA-2048 to render personal files useless. This ransomware family has shown that it was created by highly skilled programmers who know how to use complex obfuscation layers to deliver ransomware to target computers and encrypt all files there.
What’s new in the Aesir virus project is that it uses a different C2 server (126.96.36.199/information.cgi, 188.8.131.52/information.cgi, or 184.108.40.206/information.cgi) and drops a differently titled ransom note - _[set of chars]-INSTRUCTION.html. When encrypting the data, the virus gets rid of the original filename and replaces it with a certain set of chars, and also adds the .aesir file extension instead of the original one. As soon as it encrypts all files, the virus creates an .html file (the ransom note) and saves a copy of it to every folder with encrypted data, including the Desktop, to deliver information about possible decryption options. The ransom note launches via the user’s default web browser and displays the classic Locky "! ! ! IMPORTANT INFORMATION ! ! !" message, which provides links to Wikipedia’s articles about the RSA and AES cryptographic systems, links leading to a personal ransom-payment site, and instructions on how to download the Tor browser, which helps to access that site. Finally, the Aesir ransomware virus replaces the desktop image with a black picture featuring the text provided in the ransom note.
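The naming behaviour described above gives defenders two filesystem indicators to triage on. The following Python sketch is an added example, not part of the original article: it walks a directory tree and reports which folders hold .aesir files and ransom notes. The note-name regex is an assumption (the article does not define the "set of chars"), and the sample file names are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators from the article: encrypted files end in ".aesir"; the ransom note is
# "_[set of chars]-INSTRUCTION.html" (any non-empty run is accepted: assumption).
ENCRYPTED_EXT = ".aesir"
NOTE_RE = re.compile(r"^_.+-INSTRUCTION\.html$", re.IGNORECASE)

# Constructed sample tree: empty files with made-up names.
SAMPLE = [
    "Documents/A1B2C3D4.aesir", "Documents/E5F6A7B8.aesir",
    "Documents/_1-INSTRUCTION.html", "Desktop/_1-INSTRUCTION.html",
    "Pictures/holiday.jpg",
]


def triage(root):
    """Return {directory: {"encrypted": [...], "notes": [...]}} for hit folders."""
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
            elif NOTE_RE.match(name):
                hits[dirpath]["notes"].append(name)
    return dict(hits)


def summarize(hits):
    """Count indicators and list folders that show both of them."""
    both = sorted(d for d, h in hits.items() if h["encrypted"] and h["notes"])
    return {
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        "ransom_notes": sum(len(h["notes"]) for h in hits.values()),
        "folders_with_both": both,
    }


def build_sample_tree(root):
    """Create the constructed SAMPLE files (all empty) under root."""
    for rel in SAMPLE:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(triage(tmp)))
```

A folder that holds a note but no .aesir files (the Desktop in the sample) is still worth recording, since the article says the note is copied there as well.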
.Aesir ransomware encodes files with unbreakable encryption, and once files are locked, they’re lost. The criminals behind this cyber extortion project want victims to pay ransoms in order to receive software that is built around a secret decryption code, which is the only key to data recovery. There is no way to find out this code without the criminals’ help, and we can assure you that these scammers do not intend to negotiate. They ask victims to buy a certain amount of Bitcoins and send them to their Bitcoin wallet to get the Locky decryptor. Instead of taking your hard-earned money and giving it away to criminals, think about whether it’s worth it. You should also take into account the fact that 20% of all ransomware victims who paid the ransom never got their files back because criminals simply refused to provide them with decryption software. You must understand that scammers only care about the money, not about your well-being. Therefore, you should keep your money to yourself and remove the .Aesir virus without a doubt.
How to remove .Aesir file extension virus and restore encrypted files?
The .Aesir file extension virus is not one of those mid-level malware examples that are complex but in one case or another decryptable. The fraudsters who code this virus know what they’re doing and why they’re doing it, and they shamelessly attack innocent computer users who surf the world wide web without expecting to encounter anything bad there. We suggest you remove the .Aesir file extension virus as soon as you can, along with Nemucod and other malware. For that, employ Reimage. Run the PC in Safe Mode with Networking first, because the malicious program might block your anti-malware tool so that you cannot use it against it.
News Courtesy : http://www.2-spyware.com/remove-aesir-file-extension-virus.html